Exchange 2003 seems to be open relay, but is not.. Who can help me?

Hello,

Today I noticed that somebody was trying to relay through my server.
Relaying is denied, that is for sure. But the NDRs are making a lot of
trouble. I turned them off now, but that cannot be the correct fix, it is a
workaround.

Server: Windows 2000 SP 4

Ok what happens, first let's look at the relay check of abuse.net:
Relay test 8
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:spamtest@test.com
<<< 250 2.1.0 spamtest@test.com....Sender OK
>>> RCPT TO:<"securitytest@abuse.net">
<<< 250 2.1.5 "securitytest@abuse.net"@domain.com

As you can see, the message is accepted. But the message will be trashed and
an NDR will be sent to spamtest@test.com. That is not the correct way.

I think Exchange 2003 should answer with:
Relay test 7
>>> RSET
<<< 250 2.0.0 Resetting
>>> MAIL FROM:spamtest@test.com
<<< 250 2.1.0 spamtest@test.com....Sender OK
>>> RCPT TO:<securitytest%abuse.net@[212.238.x.x]>
<<< 550 5.7.1 Unable to relay for securitytest%abuse.net@[212.238.x.x]

A 5.7.1 would be ok, because then the message is getting rejected before it
is submitted to the Virtual SMTP server. Because that results in an NDR and
lots of traffic and lag :(

Hope somebody has an idea to fix this. I tried the following:
- Using a recipient policy on "*"@domain.com
- Using a sender policy
- Changing relay values

Nothing helped, I'm out of ideas and I can't get it the way I want (and what
is needed)

Grtx and lots, lots of thx for support!

Bas Koot.


0
ikke9135 (1)
2/18/2004 7:25:18 PM

Check the box that says "Filter users not in directory" - it should be in
the recipient filtering.  Then enable the recipient filtering on the SMTP
VS.

-- 
Hope that helps,
Dan Townsend

This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send email to this address, post a reply to this newsgroup.

Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm



0
dtown (976)
2/19/2004 1:10:44 PM
The following article explains the behavior you are seeing but does not
discuss how (if there even is a way) to change it.

304897 XIMS: Microsoft SMTP Servers May Seem to Accept and Relay E-Mail
http://support.microsoft.com/?id=304897

Craig

-- 
Craig Philbeck
a-cphil@online.microsoft.com
Microsoft PSS

Please do not send email directly to this alias.  This alias is for
newsgroup purposes only.

This posting is provided "AS IS" with no warranties, and confers no rights.


0
a-cphil (97)
2/19/2004 1:41:36 PM
Turn on SMTP logging (all fields), wait a couple of days, then import
those text (log) files into Excel or Access and sort based on IP,
grouping by counting and you can see which IPs are hitting you the
most. For the IPs and domains that you don't recognize, check that IP
address using ARIN, http://ws.arin.net/cgi-bin/whois.pl and see where
the registrar is located. Most likely will be Asia, SA, or Europe if
it's spam or relay attempts. I had this same problem, did what I've
discussed and blocked the following netblocks at my Cisco Internet
router using access-list 100 deny ip host xxx.xxx.xxx.xxx
xxx.xxx.xxx.xxx any
I blocked the following netblocks which include most all of Asia, some
European, and some known US spammers and my spam is 99.999% gone.
deny ip 202.0.0.0 0.255.255.255 any
deny ip 203.0.0.0 0.255.255.255 any
deny ip 217.0.0.0 0.255.255.255 any
deny ip 218.0.0.0 0.255.255.255 any
deny ip 219.0.0.0 0.255.255.255 any
deny ip 220.0.0.0 0.255.255.255 any
deny ip 221.0.0.0 0.255.255.255 any
deny ip 222.0.0.0 0.255.255.255 any
deny ip 188.0.0.0 0.255.255.255 any
deny ip 80.0.0.0 0.255.255.255 any
deny ip 81.0.0.0 0.255.255.255 any
deny ip 82.0.0.0 0.255.255.255 any
deny ip 60.0.0.0 0.255.255.255 any
deny ip 61.0.0.0 0.255.255.255 any
deny ip 62.0.0.0 0.255.255.255 any
deny ip 210.0.0.0 0.255.255.255 any
deny ip 211.0.0.0 0.255.255.255 any
deny ip 212.0.0.0 0.255.255.255 any
deny ip 213.0.0.0 0.255.255.255 any
deny ip 193.0.0.0 0.255.255.255 any
deny ip 194.0.0.0 0.255.255.255 any
deny ip 195.0.0.0 0.255.255.255 any
deny ip 38.0.0.0 0.255.255.255 any
deny ip 43.0.0.0 0.255.255.255 any
deny ip 133.0.0.0 0.255.255.255 any 
deny ip 83.0.0.0 0.255.255.255 any 

0
2/23/2004 8:15:53 PM
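
The log review described in the last post (count SMTP log entries per client IP), as an added example that is not part of the thread. It goes one step further and splits each IP's RCPT commands into accepted and rejected, which is the distinction the original question turns on. It assumes W3C extended format logs whose #Fields line names c-ip, cs-method and sc-status; the sample lines and addresses are constructed.

```python
from collections import Counter, defaultdict

# Constructed sample log (W3C extended format); the client addresses are
# documentation ranges, not addresses taken from the thread.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-query sc-status
2004-02-18 19:01:02 203.0.113.7 MAIL +FROM:<spamtest@test.com> 250
2004-02-18 19:01:02 203.0.113.7 RCPT +TO:<"securitytest@abuse.net"> 250
2004-02-18 19:01:03 203.0.113.7 RCPT +TO:<securitytest%abuse.net@[192.0.2.1]> 550
2004-02-18 19:01:04 203.0.113.7 RCPT +TO:<securitytest@abuse.net> 550
2004-02-18 19:05:10 198.51.100.20 MAIL +FROM:<alice@example.org> 250
2004-02-18 19:05:11 198.51.100.20 RCPT +TO:<bob@domain.com> 250
2004-02-18 19:05:12 truncated-line
"""

def parse_w3c(text):
    """Yield one dict per log entry, keyed by the names in the #Fields line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column order can change per file
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):     # skip truncated or malformed rows
                yield dict(zip(fields, values))

def summarize(text):
    """Return (entries per IP, RCPT accepted/rejected counts per IP)."""
    hits = Counter()
    rcpt = defaultdict(Counter)
    for row in parse_w3c(text):
        ip = row["c-ip"]
        hits[ip] += 1
        if row.get("cs-method", "").upper() == "RCPT":
            accepted = row.get("sc-status", "").startswith("2")
            rcpt[ip]["accepted" if accepted else "rejected"] += 1
    return hits, rcpt

def top_talkers(text, n=10):
    """Busiest client IPs as (ip, entries, rcpt_accepted, rcpt_rejected)."""
    hits, rcpt = summarize(text)
    return [(ip, count, rcpt[ip]["accepted"], rcpt[ip]["rejected"])
            for ip, count in hits.most_common(n)]

if __name__ == "__main__":
    for ip, count, ok, denied in top_talkers(SAMPLE_LOG):
        print(f"{ip:15} entries={count} rcpt_accepted={ok} rcpt_rejected={denied}")
```
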